Exam SK0-005 topic 1 question 123 discussion

Actual exam question from CompTIA's SK0-005
Question #: 123
Topic #: 1

A systems administrator has been alerted to a zero-day vulnerability that is impacting a service enabled on a server OS. Which of the following would work BEST to limit an attacker from exploiting this vulnerability?

  • A. Installing the latest patches
  • B. Closing open ports
  • C. Enabling antivirus protection
  • D. Enabling a NIDS
Suggested Answer: B

Comments

a792193
1 year, 1 month ago
Selected Answer: B
Correct Answer: B. Closing open ports. Incorrect answer: NIDS - because the "D" stands for detection, not PREVENTION. NIDS would not stop an attack; it would only generate an alert.
upvoted 1 times
hasquaati
1 year, 4 months ago
Selected Answer: B
- Nothing in the question is asking to detect the zero-day attack, so NIDS is not relevant. We already know about the attack.
- Nothing in the question is asking us to keep the service running with our action.
- There is a low probability that a patch will solve an issue of a zero-day attack.
- Closing the port is the only option that can prevent malware traffic affecting the particular service.
upvoted 1 times
MrS
1 year, 6 months ago
Selected Answer: B
B. Closing open ports. This option means blocking or disabling the network ports used by the service affected by the zero-day vulnerability. Closing open ports can work best to limit an attacker from exploiting the zero-day vulnerability, as it can prevent or reduce the exposure of the service to the network and reduce the attack surface. Closing open ports can also help to isolate the host from potential attacks and minimize the impact on other hosts or systems in the cluster.
upvoted 1 times
RSMCT2011
2 years, 3 months ago
Assumption: a zero-day vulnerability means the patch is still not available, so the answer is D: Enabling a NIDS
upvoted 2 times
RSMCT2011
2 years, 3 months ago
Since we know the services with zero-day vulnerabilities, I think closing ports is better than installing NIDS, so B is a better answer.
upvoted 2 times
Drewid91
2 years, 2 months ago
Depending on business needs, closing a port may not be a viable option. NIDS feels like the most likely answer to be correct.
upvoted 1 times
Obi_Wan_Jacoby
2 years ago
But is not NIDS a "detection" system? The question asks what is best to limit an attacker from exploiting the vulnerability, whereas a NIDS will simply tell you once it happened. In this case, answer B would be it (assuming they are closing the specific ports utilized in the zero-day). A & C obviously are no good against zero-day.
upvoted 2 times